PERSONAL DATA PROTECTION POLICY

For the avoidance of any doubt, by using PHARMLY, the user confirms that they have previously been informed about and agree with this Personal Data Protection Policy, which was accessible, readable, and understandable to them.

1. INTRODUCTORY PROVISIONS AND TERMINOLOGY

For the purposes of this document, the following terminology will be used:

1. STEPTO: In the context of this Personal Data Protection Policy, refers to the company STEPTO DOO BEOGRAD, located at Bulevar Vudroa Vilsona 6, 13th floor, apartment no. 01, registration number: 21742953, tax ID: 112803663 (hereinafter referred to as "STEPTO").

2. PHARMLY: In the context of this Personal Data Protection Policy, refers to the Software as a Service (SAAS) developed by STEPTO, available at https://pharmly.tech (hereinafter referred to as "PHARMLY").PHARMLY is a platform dedicated to providing efficient and reliable AI solutions for the procurement of active pharmaceutical ingredients (APIs) and excipients. The content of PHARMLY and the provision of services through PHARMLY are regulated by the Law on Obligational Relations, the Law on Personal Data Protection, the Law on Advertising, the Law on Trade, the Law on Electronic Commerce, other applicable regulations of the Republic of Serbia, as well as the General Terms and Conditions of PHARMLY, which are available at https://pharmly.tech/terms-and-conditions . STEPTO undertakes to provide services to the user in accordance with this Personal Data Protection Policy, in the manner and with the limitations prescribed herein, and in compliance with the applicable regulations of the Republic of Serbia.

3. User: In the context of this Personal Data Protection Policy, refers to the natural person using PHARMLY, whose personal data is being processed (hereinafter referred to as "User," in plural "Users").

4. Personal Data: In the context of this Personal Data Protection Policy, refers to any data relating to a natural person whose identity is or can be identified, directly or indirectly, particularly by reference to an identifier such as a name, identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

2. PERSONAL DATA , PURPOSE AND BASIS OF PERSONAL DATA PROCESSING

STEPTO may collect, store, display, organize, and otherwise process certain personal data. It is noted that STEPTO is the controller of the personal data, as it independently determines the purpose and method of processing.

To smoothly conduct processes and business logic within PHARMLY, and to improve the services provided by STEPTO through PHARMLY, STEPTO collects and processes the personal data of Users, which includes:

1. Full name;

2. Email address;

3. Browser data and IP address;

4. User’s geolocation.

It is noted that special categories of personal data are not subject to processing. It is noted that STEPTO obtains personal data when the User registers on PHARMLY (email, full name) or when the User accesses the PHARMLY website via a browser.

Personal data is processed based on the User’s consent. Consent is any freely given, specific, informed, and unambiguous indication of the User's wishes, by which the User, through a statement or clear affirmative action, signifies agreement to the processing of personal data relating to them.

It is considered that the use of PHARMLY by the User constitutes a clear affirmative action by which the User gives consent for the processing of personal data.

For the avoidance of any doubt, by using PHARMLY, the User confirms that they have been previously informed about and agrees with the terms prescribed in this Policy, which was accessible, readable, and understandable to them.

The legal basis for processing personal data may also be:

1. Performance of a contract concluded with the User, or users’s Company or for taking action at the request of the User or User's company prior to the conclusion of the contract;

2. Compliance with the legal obligations of STEPTO;

3. Legitimate interests of STEPTO.

For example, STEPTO's legitimate interests may include:

1. Better understanding of Users and user experience;

2. Protection of business operations and support to Users;

3. Testing and development of new services or improvement of existing ones;

4. Identification and protection of Users and PHARMLY from illegal activities.

STEPTO is obligated to process personal data in accordance with the Law on Personal Data Protection and to apply all data protection measures, ensuring the rights and freedoms of individuals to whom the data relates.

STEPTO is responsible for all personal data that the User or a person authorized by the User places, stores, organizes, transfers, or otherwise makes available or processes in connection with and through the use of PHARMLY and other services related to PHARMLY.

3. COOKIES

It is noted that PHARMLY contains implemented cookie technology. A cookie is information, in the form of a text file, that PHARMLY stores on the User’s computer, tablet, mobile phone, or any other device that can receive cookies. The role of cookies is to enable PHARMLY to function or to function more efficiently, as well as to provide STEPTO with information such as visits, duration of visits on PHARMLY, identification of the User’s device, and similar data. The cookies present on PHARMLY are:

1. Necessary Cookies: These cookies are essential for the proper functioning of PHARMLY. They allow the User to navigate through PHARMLY and use its features. Necessary Cookies cannot be disabled, as they are fundamental for PHARMLY's operation.

2. Performance and Analytics Cookies: These cookies help STEPTO understand the User’s interaction with the Application by collecting anonymous data. This information allows STEPTO to improve PHARMLY and the user experience.

4. THIRD PARTIES

It is noted that by using PHARMLY, the User has given consent for the following companies to process their personal data on behalf of STEPTO:

1. Google, LLC;

2. Vercel;

3. Blend.ai;

4. Supabase;

5. Resend.com;

It is noted that the processors listed below have been pre-approved by the User:

1. Google (data protection policies available at: https://policies.google.com/privacy?hl=en-US);

2. Vercel (data protection policies available at: https://vercel.com/legal/privacy-policy);

3. Blend.ai (data protection policies available at: https://app.blend.ai/files/privacy_policy.pdf);

4. Supabase (data protection policies available at: https://supabase.com/privacy);

5. Resend.com (data protection policies available at: https://resend.com/legal/privacy-policy).

These companies are located in countries where the transfer of data is permitted because they are:

1. Countries listed in the Decision on the List of Countries, parts of their territories, or one or more sectors of certain activities in those countries and international organizations where an adequate level of personal data protection is considered to be provided, or

2. Countries that have concluded an international agreement on the transfer of personal data with the Republic of Serbia, or

3. Countries that are signatories to the Council of Europe Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data, or

4. Countries approved by the European Union as providing an adequate level of protection.

5. GEOLOCATION AS PERSONAL DATA

STEPTO, in order to monitor visits, optimize and fulfill the purpose and function of PHARMLY, may use Google Analytics, an analytical services platform provided by Google, LLC (hereinafter referred to as "Google"). Google Analytics enables STEPTO to more easily analyze the use of PHARMLY by Users through the use of geolocation technologies. The information collected in this manner is transferred and stored on Google's servers. Google, using appropriate protective measures, processes information related to activities on the PHARMLY website and internet usage. Google may forward this information to third parties where required by law, or where such third parties process the aforementioned data on behalf of Google. By using PHARMLY, the User consents to Google processing personal data – the User's geolocation – in the manner described herein and for the aforementioned purposes, and it is noted that Google collects personal data both as a controller and as a processor of personal data. Google will store this personal data in accordance with its privacy policies, over which STEPTO has no influence.

6. DATA SECURITY

STEPTO implements robust security measures, including encryption and secure servers, to protect data against unauthorized access, alteration, or destruction. Despite our efforts, no system can guarantee absolute security. The application employs JSON Web Tokens (JWT) for secure authentication and utilizes HTTPS encryption to ensure data protection across all communications. Furthermore, the application adheres fully to HIPAA compliance standards, ensuring the confidentiality, integrity, and availability of protected health information (PHI).

All user data is securely stored on servers in Frankfurt, Germany, and is not shared, transferred, or disclosed to any third parties. The collected data is utilized exclusively to enhance the user experience and improve the quality of our services.

7. PERSONAL DATA RETENTION PERIOD

STEPTO shall retain personal data over a period of 5 (in letters: five) years, after which all personal data related to a particular User shall be deleted. However, this retention period shall be reset upon each repurchase of any of PHARMLY's subscription plans.

8. RECORD OF PROCESSING ACTIVITIES AND APPLICATION OF THE LAW

STEPTO maintains a record of processing activities in accordance with the law.

The record referred to in paragraph 1 of this section is kept in written form, including electronic form, and is stored permanently.

For all other issues regarding personal data protection, the Law on Personal Data Protection will apply. In case of any conflict between the provisions of this Policy and the Law on Personal Data Protection, the provisions of the Law will prevail.

9. CONTACT

All information regarding this Policy can be obtained by sending an email to info@pharmly.tech.STEPTO reserves the right to ignore any irrelevant inquiry or inquiry that is not sent to the address provided here.